I have a form that takes user input, and was wondering what your thoughts are on redisplaying user input back on the page after validation has failed.

E.g. they have to enter a date in the format: 'yyyy-mm-dd'
and they enter: <script>.....</script> etc. or anything for that matter.
Although that would probably be too long for the field, but you get the idea.

How do other people out there tend to handle this? As it only affects the user who posts the data if anything is malicious.

Some options that I have come up with are:
1. Displaying previous data (or empty field) for example if user is editing something.
2. Just displaying exactly what they entered again on the screen.
3. Stripping out certain undesirable characters before displaying.


Thanks,

Rob

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
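
The redisplay case from the question, as an added example that is not part of the original post: the submitted value is validated against 'yyyy-mm-dd' and, when validation fails, echoed back into the field HTML-encoded rather than stripped, so the user sees exactly what they typed without the browser interpreting it as markup. The function names is_valid_date and render_date_field and the sample submissions are hypothetical, constructed for illustration.

```php
<?php
declare(strict_types=1);

// Strict check for the 'yyyy-mm-dd' format, including calendar validity.
// The round-trip comparison rejects overflow dates such as 2023-02-29,
// which createFromFormat() would otherwise roll over to 2023-03-01.
function is_valid_date(string $input): bool
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $input);
    return $d !== false && $d->format('Y-m-d') === $input;
}

// Build the form field. The submitted value is always encoded for the
// HTML attribute context before it is written back, valid or not.
function render_date_field(string $submitted): string
{
    // ENT_QUOTES encodes both quote styles so the value cannot close
    // the value="..." attribute; ENT_SUBSTITUTE replaces invalid UTF-8.
    $safe = htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '<input type="text" name="date" maxlength="10" value="' . $safe . '">';

    if ($submitted !== '' && !is_valid_date($submitted)) {
        $html .= "\n" . '<p class="error">Please enter a date as yyyy-mm-dd.</p>';
    }
    return $html;
}

// Constructed sample submissions (not from the original post).
$samples = [
    '2024-02-29',               // valid leap day
    '2023-02-29',               // right shape, not a real date
    '"><script>.....</script>', // markup in place of a date
];

foreach ($samples as $value) {
    echo render_date_field($value), "\n\n";
}
```

The maxlength attribute is only a browser-side hint; the server-side check and the encoding on output are what the result depends on.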


